<?php
	//if the form has been submitted, then
	// 	call login function
	//	if login function return true 
	//		start session 
	//		load user profile into session 
	//		redirect to home page
	//	else
	//		set error
	//		show the login form
	//	end if
	//else 
	//	show the login form


	$user_name="";
	if (isset($_REQUEST["user_name"])) {
		$user_name=$_REQUEST["user_name"];
	}
	$password="";
	if (isset($_REQUEST["password"])) {
		$password=$_REQUEST["password"];
		//$password=md5($password);
	}
	?>
<?php
	
	include("users.php");
	$obj=new users();
	// if (!$obj->login($user_name,$password)){
	// 	echo "error";
	// 	echo mysql_error();
	// }
	
	$msg="Login";
	if(isset($_REQUEST['user_name'])){

		//the login form has been submitted
		$user_name=$_REQUEST['user_name'];
		$password=$_REQUEST['password'];
		//call login to check username and password
		if($obj->login($user_name,$password)){
			session_start();	//initiate session for the current login
			loadUserProfile($user_name);	//load user information into the session
			header("location: index_users.php");	//redirect to home page
			echo "<a href='index.php'>click here</a>";	//if redirect fails, provide a link
			exit();
		}else{
			//if login returns false, then something is worng
			$msg="username or password is wrong";
		}
	}
	
	
?>
<html>
<head>
	<title>Login</title>
</head>
<body>
		<form action="login.php" method="POST">
		<table align="center" width="80%">
			<tr>
				<td width="30%"></td>
				<td colspan="2" align="center"><span><?php echo $msg ?></span></td>
				<td width="30%"></td>
			</tr>
			<tr>
				<td width="30%"></td>
				<td>username</td>
				<td><input type="text" name="user_name"></td>
				<td width="30%"></td>
			</tr>
			<tr>
				<td width="30%"></td>
				<td>password</td>
				<td><input type="password" name="password"></td>
				<td  width="30%"></td>
			</tr>
			<tr>
				<td></td>
				<td></td>
				<td><input type="submit" name="submit" value="login"></td>
				<td></td>
			</tr>
		<table>
	</form>
</body>
</html>

	<?php
	function loadUserProfile($user_name){
		//load username and other informaiton into the session 
		//the user informaiton comes from the database
		$_SESSION['user_name']=$user_name;
		$_SESSION['usertype']=1;
		//permission
	}
?>